The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
VRF Route Sharing is a functionality that allows intentional sharing of route information between separate, isolated Virtual Routing and Forwarding (VRF) instances on a router. This functionality allows traffic to be forwarded between an On-Premise site and a public cloud site.
Configure the VRF Route Sharing functionality to deploy shared services across hybrid clouds. Endpoints on the On-Premise site can consume shared services that run on the public cloud.
In a hybrid cloud solution where there is an APIC layer (On-Premise) and a public cloud site, the Cisco Catalyst 8000V instance connects the data centers through Layer-3 boundaries. The Cisco Catalyst 8000V instance has a VRF instance configured with two sets of import and export route-targets. One set of import and export route targets is associated with the BGP EVPN session that uses VXLAN encapsulation and provides L3 routing information in the On-Premise router.
The other set of import and export route targets is associated with the L3VPN BGP neighbour in the service provider network. The Cisco Catalyst 8000V instance enables the L3 traffic movement across the EVPN by stitching the route between the On-Premise site and the service provider network.
The Cisco Catalyst 8000V instance forwards traffic across the EVPN even if the VRFs have the same VTEP IP (VxLAN tunnel endpoint) and RMAC (router MAC address). With this feature, the Cisco Catalyst 8000V instance uses a binding label to setup the routing and forwarding chain.
The Cisco Catalyst 8000V instance shares the L3 prefix with multiple VRFs on the On-Premise site, and the On-Premise site shares its L3 prefixes with the Cisco Catalyst 8000V instance. The APIC layer imports the addresses and the services are thus consumed in the APIC side.
This chapter describes how to configure VRF Route Sharing across VxLAN peers to deploy shared services across the cloud.
The VRF Sharing functionality supports up to 32 common VRFs, and 1000 customer VRF combination.
This functionality does not support RT filters.
VRF Route Sharing is supported only for IPv4 addresses and not IPv6 addresses.
Consider this sample topology which explains the VRF Route Sharing functionality in a hybrid cloud. In this sample topology, assume the Cisco Catalyst 8000V instance is deployed on the VM of the public cloud. Site A is an ACI deployment site, while Site B is the public cloud.
Leaf 1 and Leaf 2 form the Virtual Port Channel (vPC) pair for ACI. Both vPCs have different Route Distinguishers (RD). VRF1 and VRF2 are configured on the vPC pair for ACI. For example:
VRF1 – RT:RT-EVPN-1, prefix:192.168.1.1
VRF2 – RT:RT-EVPN-2, prefix:192.168.2.2
VRF3 and VRF4 are configured on the Cisco Catalyst 8000V instance. These two VRFs connect to the Voice Gateway (VGW). Each VRF uses a different Route Target (RT). For example:
VRF3 – RT for EVPN: RT-EVPN-3, RT for IP BGP: RT-3, prefix:192.168.3.3
VRF4 – RT for EVPN: RT-EVPN-4, RT for IP BGP: RT-4, prefix:192.168.4.4
In this topology, assume the BGP-EVPN fabric is present between the ACI and the Cisco Catalyst 8000V instance in the public cloud. The IP BGP protocol is used between the Cisco Catalyst 8000V instance and a cloud service provider, such as Microsoft Azure. The BGP-EVPN fabric redistributes the stitching routes between the EVPN and the IP BGP.
To enable the traffic flow between the ACI Site and the Public Cloud, both ACI and the Cisco Catalyst 8000V instance need to support VRF Route Sharing.
The Cisco Catalyst 8000V instance must be able to import the EVPN routes of VRF1 and VRF2 from ACI into VRF3 and VRF4. The IP BGP on the Cisco Catalyst 8000V side then redistributes the routes to the VGW in the public cloud.
 Note |
When the VTEP (VxLAN Tunnel Endpoint) IP and the RMAC (Route MAC addrress) are the same for two leafs, and the VNIC alone differs, theCisco Catalyst 8000V instance can forward the traffic across the tunnel. |
Using the same sample topology, here are the use cases for configuring VRF Route Sharing in a Cisco Catalyst 8000V instance:
When VRF1 and VRF2 can talk to VRF3, but VRF3 and VRF4 cannot talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
vrf definition VRF4
rd 400:1
address-family ipv4When VRF1 and VRF2 can talk to VRF3&4, but VRF3 and VRF4 cannot talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
vrf definition VRF4
rd 400:1
address-family ipv4
route-target export RT-EVPN-4 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitchingWhen VRF1 and VRF2 can talk to VRF3, but VRF3 and VRF4 can talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target export RT-3
route-target import RT-4
vrf definition VRF4
rd 400:1
address-family ipv4
route-target import RT-3
route-target export RT-4When VRF1 and VRF2 can talk to VRF3&4, but VRF3 and VRF4 can talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target export RT-3
route-target import RT-4
vrf definition VRF4
rd 400:1
address-family ipv4
route-target export RT-EVPN-4 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target import RT-3
route-target export RT-4For this use case, the Cisco Catalyst 8000V instance must configure EVPN on both VRF3 and VRF4.
Although IP BGP imports all the routes from VRF3 and VRF4, BGP does not advertise the imported routes of the VRF to the EVPN peer.
Note |
Use the Stitching keyword in the configuration only when the sharing happens across the EVPN. |
Perform this configuration to set up VRF Route Sharing in a hybrid cloud.
|
Step 1 |
Run the vrf definition command to define the VRFs. |
|
Step 2 |
Create each VRF instance with a unique route distinguisher (RD). For each VRF, specify route-targets for both import and export using the route-target import and route-target export commands. Example:In this sample solution, VRF 1 and VRF 2 (on-premise) can talk to VRF 3 and VRF 4 (in the public cloud). However, VRF3 and VRF4 cannot talk to each other. |
|
Step 3 |
Assign interfaces to the VRFs. This configuration sets up each interface to use the correct VRF, configures the IP settings, and activates the interface. |
|
Step 4 |
Configure BGP on the router. Redistribute routes using this configuration. |
Run the commands in this task to check if the VRF Route Sharing feature is enabled.
|
Step 1 |
show ip bgp l2vpn evpn summary . Provides the BGP summary information for the VRF default address family (L2VPN EVPN). Example: |
|
Step 2 |
show ip route vrf vrf3 bgp | in binding . Displays IP routing tables for the VRF. If a binding label appears in the output, the configuration is successful and BGP uses the binding label as the next hop. Example: |
Feedback